git://git.onelab.eu / linux-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
patch-2_6_7-vs1_9_1_12
[linux-2.6.git] / net / ipv4 / netfilter / ip_conntrack_proto_tcp.c
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index 9bcb718..1cc7965 100644 (file)
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -177,6 +177,8 @@ static int tcp_packet(struct ip_conntrack *conntrack,
 
        if (skb_copy_bits(skb, skb->nh.iph->ihl * 4, &tcph, sizeof(tcph)) != 0)
                return -1;
+       if (skb->len < skb->nh.iph->ihl * 4 + tcph.doff * 4)
+               return -1;
 
        /* If only reply is a RST, we can consider ourselves not to
           have an established connection: this is a fairly common
linux-2.6